Virtual Machine Trojan: A New Type Of Threat?


My RSS feed delivered me a very interesting article on security in the virtual world. The guy here, Sergio Castro, focused on VMTs (Virtual Machine Trojans).

He demonstrates his proof of concept with a downloadable virtual appliance. A bit scary, but in the end it is a wake-up call.

 

How many of us, myself first, have already downloaded a virtual appliance and run it on the company’s network? Sure, they come from known sources, VMware.com for example, but this is not a 100% malware-safe certificate…

 

The industry took the virtualization path; we have to comply and update our security policies and our security tools as well!

VMware.com worked on the security issues and came out with VMsafe, a set of APIs that third-party vendors such as ThirdBrigade.com can use to develop tools and applications to extend security to hosts and virtual machines.

 

BTW, who is attending InfoSec 2009 in London?

Virtualization technology is such an efficient way of managing IT resources that there’s no doubt that in a very short time it will become the only way of doing it. But virtualization is still a new technology, and logically the information security aspect will lag behind for some time to come. 

There are four types of security risks related to virtualization:

1) The normal, run-of-the-mill buffer overflow type any software package may have; there’s no escaping that. Take CVE-2002-0814 as an example.

2) The risk of the guest virtual machine taking control of the host physical machine. It’s easy to forget that the virtual machine is running on the same memory of the host. Therefore, the virtual machine could do a buffer overflow and take control of the underlying host machine. Such is the case of CVE-2005-4459.

3) The Blue Pill scenario, in which a virtual machine loads while the host machine is booting, and then mimics the host machine, to the point where the user does not know he/she is inside a virtual machine. In this way, the attacker has full control of the host machine, and the user would have a very hard time realizing he/she is not in control. (http://en.wikipedia.org/wiki/Blue_Pill_(malware)), (http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html)

4) Virtual machine trojans, in which a seemingly benign virtual machine you download from the Internet contains a trojan.

 

The objective of this article is to talk about #4, Virtual Machine Trojans (VMTs).

 

Read more at Infosegura.net


About PiroNet

Didier Pironet is an independent blogger and freelancer with +15 years of IT industry experience. Didier is also a former VMware inc. employee where he specialised in Datacenter and Cloud Infrastructure products as well as Infrastructure, Operations and IT Business Management products. Didier is passionate about technologies and he is found to be a creative and a visionary thinker, expressing with passion and excitement, hopefully inspiring and enrolling people to innovation and change.
